Wednesday, June 6, 2012

Microsoft SCM - Export Only Critical Severity

Microsoft SCM is a great tool for quickly deploying security baselines to your organisation. Microsoft SCM version 2 and higher provides security policies which fall into 4 severity categories:

Critical

Important

Optional

None

The average enterprise organisation wants to implement all policies in the Critical severity category, as most settings in that category align with the former Enterprise Client (EC) baseline.

When you export a Microsoft baseline to a GPO, however, it exports policies in all categories, something you should be very cautious about doing as it will significantly reduce functionality. The "Important" category aligns with the older Specialized Security-Limited Functionality (SSLF) baseline, a model that "looks at disabling everything then allowing what is required".

So how do you go about exporting just policies in the Critical category?

To export all policies in the Critical category, perform the following steps:

1. Create a custom baseline: for example, select one of the Microsoft baselines and then click Duplicate in the Actions pane.

2. Select your custom baseline, then change to simple view: click the button to the left of Advanced View above the middle pane, click the drop-down menu labeled Group View and select Simple View.

3. Sort the settings by severity by clicking the top of the column labeled Severity.

4. Use shift-click to select multiple settings, then click Delete in the Actions pane to remove them from the baseline. Use this method to remove all settings with a severity other than Critical.

5. Export the baseline, which now contains only settings of the desired severity.